Readers have reacted angrily to the news that UK police may soon have the power to demand encryption keys from businesses and individuals.
ZDNet UK reported on Thursday that the government is planning to activate Part 3 of the Regulation of Investigatory Powers Act, which gives law enforcement officers the authority to order the disclosure of encryption keys, or force suspects to decrypt encrypted data.
But, as several readers pointed out, the law could well be impossible to enforce.
"As encrypted data appears to be 'random' data, how will they know what is encrypted or just junk?" asked one reader.
Another, a tech support professional, pointed out that serious criminals would rather face a short sentence for withholding their key than risk a longer one by handing over incriminating evidence.
"This law — just like many others this government has introduced — would be expensive and almost impossible to enforce. Better to spend the money employing the expertise to de-code the systems which can be seized legitimately through existing laws."
Other readers suggested the move was reminiscent of George Orwell's 1984.
More than 600 people took part in a poll on ZDNet UK, which asked whether they supported the government's plans. Nearly 90 percent said they opposed the idea, with eight percent saying they were unconvinced and just two percent backing the government.
Legal experts are also concerned about the implications of Part 3 of the RIP Act. "When it was passed, RIPA evoked fears that innocent people would be sent to jail for forgetting their password. The Home Office will have a tough job addressing the renewal of these fears in its code of practice," said Struan Robertson, senior associate at Pinsent Masons

Talkback
You get what you vote for.
Back in the 1980s Phil Karn showed it is easy to build an encryption system that has multiple keys. Each key decrypts the encrypted block to a different message. The proposed law simply doesn't work faced with real crypto.
A second even worse problem is temporary keys. The keys used to encrypt network traffic are usually transient and invented by web browsers or even wireless router hardware. Try explaining that to a typical police grunt armed with a packet dump.
Trusted computing changes the rules further and I suspect that is why the government is moving now. The "crack the key" approach doesn't have long left.
consumer note; "You get what you pay for." Example: Case in point. When you use Microsoft licenses there is an EULA agreement? Right! When using an HP product there may well be a PDF disclosure under the "invent" heading in your search browser.
Arthur B - I bl**dy well didn't vote for them!
Jono. I know, but a million others did so maybe us people (and the press) need to make our fellow citizens more aware about small (technical) details making great differences in a whole range of areas.
As such I find it very strange that the Open Source community hasn't created, maintained and advertized a searchable historical data vault which lists and details all the facts about IT related affairs of the last ten years or so. Perhaps they don't quite understand what kind of public knowledge (=PR, =votes, =political influence) weapon that would be.
In an ideal world such a vault would be used by press reporters, researchers, politicians and who knows who else to do instant background research on each and every press release by whatever vendor, political party, etc, etc.